You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

A new Ransomware as a Service, or RaaS called Satan Ransomware has been discovered. This ransomware will encrypt a victims data, scramble the encrypted file's name, and then append the .STN extension to the file name.

For example, a file called test.jpg may be encrypted as aswm.stn.

When it has finished encrypting a computer, it will display a ransom note named HELP_DECRYPT_FILES.html, which is displayed below. Unfortunately, there is no way to decrypt this ransomware at this time.

Most security experts will advise against paying the ransom demands of the malware writers because doing so only helps to finance their criminal enterprise and keep them in business. One of the reasons that folks get infected is because someone before them paid the bad guys to decrypt their data. The more people that pay the ransom, the more cyber-criminals are encouraged to keep creating ransomware for financial gain. Further, there is no guarantee that paying the ransom will actually result in the restoration (decryption) of your files.

Grinler (aka Lawrence Abrams), the site owner of Bleeping Computer has said this...

...Though the loss of your data and computer can be devastating, sending the ransom could be even more so. Depending on how the criminals want you to pay the ransom could put you at risk for Identity Theft as the information you send may contain personal information. Therefore, we suggest that you never pay a ransom unless it is absolutely necessary for data recovery...Last, but not least, it is important to remember that paying the ransom only continues to fuel the release of new variants of these types of programs.

Some ransomware victims have reported they paid the ransom and were successful in decrypting their data. Some victims reported they paid the ransom but the cyber-criminals did not provide a decryptor or a key to decrypt the files, while others reported the key and decryption software they received did not work or resulted in errors. Still others have reported paying the ransom only to discover the criminals wanted more money or threatened to expose data unless additional payment was made. Most cyber-criminals provide instructions in the ransom note that allow their victims to submit one or two limited size files for free decryption as proof they can decrypt the files. However, decryption in bulk may not always work properly or work at all. In some cases victims may actually be dealing with scam ransomware where the malware writers have no intention or capability of decrypting files after the ransom is paid.

Keep all this in mind if you are considering paying the ransom since there is never a guarantee decryption will be successful or that the decrypter provided by the cyber-criminals will work as they claim...and using a faulty or incorrect decryptor may damage or corrupt the files even further. The criminals may even send you something containing more malware...so why should you trust anything provided by those who infected you in the first place.

One of my clients was hit with satan last week, they had their backups deleted. They paid the ransom and were able to get their files back. Here's the private key and decrypter used: https://fhoqzxgahij5dl2u.onion.to/CtA9Ogm8

I'm always against paying the ransom. In this case though the clients last backup was 2014 and they lost everything. There was no choice.

The decryptor they provide doesn't work. The client is probably closing their business as a result. There was no real choice but to try in this case. Just want to put the warning out there. Some ransomware when you're stuck if you pay you get your files back. Not this one.

Most security experts will advise against paying the ransom demands of the malware writers because doing so only helps to finance their criminal enterprise and keep them in business. One of the reasons that folks get infected is because someone before them paid the bad guys to decrypt their data. The more people that pay the ransom, the more cyber-criminals are encouraged to keep creating ransomware for financial gain. Further, there is no guarantee that paying the ransom will actually result in the restoration (decryption) of your files.

Grinler (aka Lawrence Abrams), the site owner of Bleeping Computer has said this...

...Though the loss of your data and computer can be devastating, sending the ransom could be even more so. Depending on how the criminals want you to pay the ransom could put you at risk for Identity Theft as the information you send may contain personal information. Therefore, we suggest that you never pay a ransom unless it is absolutely necessary for data recovery...Last, but not least, it is important to remember that paying the ransom only continues to fuel the release of new variants of these types of programs.

Some ransomware victims have reported they paid the ransom and were successful in decrypting their data. Some victims reported they paid the ransom but the cyber-criminals did not provide a decryptor or a key to decrypt the files, while others reported the key and decryption software they received did not work or resulted in errors. Still others have reported paying the ransom only to discover the criminals wanted more money or threatened to expose data unless additional payment was made. Most cyber-criminals provide instructions in the ransom note that allow their victims to submit one or two limited size files for free decryption as proof they can decrypt the files. However, decryption in bulk may not always work properly or work at all. In some cases victims may actually be dealing with scam ransomware where the malware writers have no intention or capability of decrypting files after the ransom is paid.

Keep all this in mind if you are considering paying the ransom since there is never a guarantee decryption will be successful or that the decrypter provided by the cyber-criminals will work as they claim...and using a faulty or incorrect decryptor may damage or corrupt the files even further. The criminals may even send you something containing more malware...so why should you trust anything provided by those who infected you in the first place.

I tried that decryptor but again no luck. The private keys are different for each system. A warning to people hit by it that this one is likely not worth paying as you're just losing money as well as files

One of my clients was hit with satan last week, they had their backups deleted. They paid the ransom and were able to get their files back. Here's the private key and decrypter used: https://fhoqzxgahij5dl2u.onion.to/CtA9Ogm8